PT-2026-28635 · Drupal · Drupal Ai

Abhisek Mazumdar

Publicado

2026-03-11

Atualizado

2026-03-26

CVE-2026-3573

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Drupal AI versions 0.0.0 through 1.1.10 Drupal AI versions 1.2.0 through 1.2.11

Description An incorrect authorization issue exists in Drupal AI (Artificial Intelligence) that allows for resource injection. The module and certain submodules (AI Automators, AI Translate, AI API Explorer, AI Content Suggestions) allow the use of a Large Language Model (LLM) to generate HTML or Markdown, and preview it in a browser. Under specific conditions, rendering this HTML can expose secret communications related to the LLM request.

Recommendations Update Drupal AI to version 1.1.11 or later. Update Drupal AI to version 1.2.12 or later.

Correção

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-863

Identificadores relacionados

CVE-2026-3573

DRUPAL-CONTRIB-2026-028

Produtos afetados

Drupal Ai

PT-2026-28635 · Drupal · Drupal Ai

CVE-2026-3573

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4